PHP script to create OTRS abuse tickets by snort alerts triggered

  • Thought to share this, as it may be useful to somebody else.

    It's a simple php script to automatically create OTRS tickets (mostly for Abuse depts) via its RPC API when snort triggers a specified alert.
    The idea came to my mind because we got sick of creating hundreds of abuse tickets for certain intrusion attempts on a daily basis.

    The script is not limited to but can be used in combination with the Cron package on pfSense to completely automate the process.
    Abuse contacts for a certain ip address are queried via dns from

    Note:  Requires the php56-xmlrpc module which can be installed via freshports on pfsense.


    Maybe I will develop a more general purpose IDS/IPS alerting module for pfSense with various options soon.

    Suggestions are greatly welcome.


Log in to reply